The present invention relates to cryptographic apparatus, and more particularly to a cryptographic processor using a double feedforward arrangement to implement an encryption algorithm having a complementarity property, such that inversions at the input of the cryptographic processor can be detected at the output thereof.
Cryptographic apparatus is used to transform messages to render them unintelligible to all but the intended receiver of the message. In cable and satellite television systems, for example, encryption is used to prevent theft of services. In computer communications, data encryption is used to render messages unintelligible as well as to provide assurance to the receiver that the message is not a forgery. Encryption can also allow the receiver to prove to a third party that the message is not a forgery. These various functions are referred to as, respectively, communication security, authentication and digital signatures.
The transformation used to encipher a message involves the use of an encryption algorithm and a key. The key information is kept secret. In order to encipher a message, the encryption algorithm is applied to the message and the key is used as an auxiliary input to control the enciphering. The task of deciphering is the reverse operation, and is performed similarly.
Cryptosystems depend upon an amount of key information that is independent of the message length. In theory, these systems are breakable. However, they are usable in practice since the person trying to break the cipher must use an impractical or infeasible amount of computational resources in order to break the cipher. In other words, the "work-factor" necessary to break the cipher is high enough to prevent a successful attack.
An example of a cryptosystem in wide use today is the Data Encryption Standard (DES), which was approved by the U.S. National Bureau of Standards in 1976. The DES algorithm enciphers a sixty-four bit message block under control of a fifty-six bit key to produce a sixty-four bit ciphertext. Details of the DES algorithm can be found in FIPS Publication 46, "Specifications for the Data Encryption Standard," Jan. 15, 1977, and FIPS Publication 74, "Guidelines for Implementing and Using the NBS Data Encryption Standard," Apr. 1, 1981, both available from the U.S. Department of Commerce, National Technical Information Service.
One common use of an encryption algorithm is as part of a "hash function" in which authentication of an input signal is provided by processing (i.e., "hashing") the input signal with a cryptographic key. In a conventional single feedforward hash function (SFFH), inversion of a signal at the input of the function cannot be detected at the output of the function. This is undesirable in many implementations, since security may be compromised if alterations are made to data that is input to the secure processor without some means of detecting that changes have been made. If a party trying to break the security can obtain information as to how the system responds to changes in the input data, without detection by the system, then an opportunity is provided to experiment over a relatively long period of time and potentially succeed in thwarting security.
It would be advantageous to provide apparatus for implementing a hash function that enables the detection, at the output of the hash function, of changes such as data inversions made at the input thereto. Such an implementation would provide the property of complementarity to the hash function.
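The behavior described in the two preceding paragraphs, as an added example that is not part of the original text: inverting both inputs leaves a single feedforward hash output unchanged, while a double feedforward output comes out inverted and is therefore detectable. Assumptions: `toy_encrypt` is a constructed Feistel stand-in (not DES) that shares DES's complementation property E(~K, ~P) = ~E(K, P) and uses a 64-bit key for simplicity; the feedforward wiring (`sffh` XORs the input block into the cipher output, `dffh` also XORs in the key) is assumed, since this section does not specify it.

```python
# Added illustration; toy_encrypt is a constructed stand-in for DES, NOT DES.
MASK32 = 0xFFFFFFFF
MASK64 = 0xFFFFFFFFFFFFFFFF

def inv(x):
    """Bitwise complement of a 64-bit value (the 'inversion' in the text)."""
    return x ^ MASK64

def _f(x):
    """Arbitrary nonlinear 32-bit mixing function (assumption, not DES's f)."""
    x = (x * 0x9E3779B1) & MASK32
    x ^= x >> 15
    return ((x << 7) | (x >> 25)) & MASK32

def _subkey(key, rnd):
    """Round subkey = 32 bits selected from the key by rotation, as DES
    selects key bits: complementing the key complements every subkey."""
    s = (rnd * 5) % 64
    return (((key << s) | (key >> (64 - s))) & MASK64) >> 32

def toy_encrypt(key, block, rounds=16):
    """Feistel network in which the subkey is XORed with the half-block
    before f, the structure that gives DES E(~K, ~P) == ~E(K, P)."""
    left, right = block >> 32, block & MASK32
    for rnd in range(rounds):
        left, right = right, left ^ _f(right ^ _subkey(key, rnd))
    return (right << 32) | left  # final swap, as in DES

def sffh(key, block):
    """Single feedforward (assumed form): block XORed into cipher output."""
    return toy_encrypt(key, block) ^ block

def dffh(key, block):
    """Double feedforward (assumed form): block and key both XORed in."""
    return toy_encrypt(key, block) ^ block ^ key

if __name__ == "__main__":
    k, p = 0x0123456789ABCDEF, 0x4E6F772069732074  # constructed sample values
    print("SFFH  normal/inverted:", hex(sffh(k, p)), hex(sffh(inv(k), inv(p))))
    print("DFFH  normal/inverted:", hex(dffh(k, p)), hex(dffh(inv(k), inv(p))))
```

In the single feedforward case the two complements cancel in the XOR, so the output carries no trace of the inversion; with an odd number of complemented terms the output is itself complemented.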
It would be further advantageous to provide apparatus for providing complementarity in systems using cascaded cryptographic hash functions. Such an apparatus should provide an input key to each successive stage that is produced in a way that ensures complementarity, thereby enabling inversions at the inputs to the function to be detected at the output thereof.
The present invention provides apparatus having the aforementioned advantages.